<?php

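$title = "Podania";
require_once("includes/head.php");
// empty() treats a missing `ajax` parameter like a falsy one without raising
// an undefined-index notice on ordinary (non-AJAX) page loads.
if (empty($_GET['ajax']))
{
    require_once("includes/head_start.php");
}

/**
 * Access gate: only the staff ranks listed here may review applications.
 *
 * NOTE(review): every check in this script relies on error() ending the
 * request. error() is defined outside this file - confirm it does not return,
 * otherwise the queries and updates further down also run for rejected users.
 */
$arrStaffRanks = array("Admin", "Staff", "Gwardzista", "Kapitan Gwardii", "MG");
// Strict membership test, so a non-string rank can never loosely equal a name.
if (!in_array($player -> rank, $arrStaffRanks, true))
{
    error (NOT_ADMIN);
}

/**
 * Get the localization for game
 *
 * NOTE(review): $player -> lang becomes part of an include path. It is
 * presumably loaded from the player's stored profile by includes/head.php -
 * confirm it is limited to known language directory names where it is set.
 */
require_once("languages/".$player -> lang."/notatnik.php");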

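/**
 * Select the applications the current rank is allowed to list.
 *
 * - Gwardzista: visible applications for Member / Przybysz.
 * - Kapitan Gwardii: the same plus Gwardzista applications.
 * - Admin / Staff: all applications, optionally filtered by `wszystkie`
 *   ('tak' = everything, empty = visible only, anything else = that rank).
 */
if ($player -> rank == 'Gwardzista')
{
    $log = $db -> Execute("SELECT * FROM `kandydat` where (rank='Member' OR rank='Przybysz') AND wysw='T' ORDER BY `id` ASC");
}
elseif ($player -> rank == 'Admin' || $player -> rank == 'Staff')
{
    // The isset() defaults for $_GET sit at the end of this script, after this
    // point, so a missing or non-string parameter is normalised here.
    $strFilter = (isset($_GET['wszystkie']) && is_string($_GET['wszystkie'])) ? $_GET['wszystkie'] : '';
    // Written back for anything that reads $_GET['wszystkie'] later (for example
    // the template): same markup and quote stripping as before. This is display
    // hygiene only; SQL quoting is done at the query below.
    $_GET['wszystkie'] = str_replace("'", "", strip_tags(htmlspecialchars($strFilter)));
    if ($strFilter === 'tak')
    {
        $log = $db -> Execute("SELECT * FROM `kandydat` where `idkandydat`!=0 ORDER BY `id` ASC");
    }
    elseif ($strFilter === '')
    {
        $log = $db -> Execute("SELECT * FROM `kandydat` where `idkandydat`!=0 AND wysw='T' ORDER BY `id` ASC");
    }
    else
    {
        // The rank filter is request data. It is quoted by the database layer's
        // qstr() instead of the stacked mysql_escape_string() / htmlspecialchars() /
        // quote stripping: HTML escaping is not SQL escaping, and
        // mysql_escape_string() ignores the connection charset and is gone in PHP 7.
        $strRankFilter = $db -> qstr($strFilter, get_magic_quotes_gpc());
        $log = $db -> Execute("SELECT * FROM `kandydat` where `idkandydat`!=0 AND rank=".$strRankFilter." ORDER BY `id` ASC");
    }
}
elseif ($player -> rank == 'Kapitan Gwardii')
{
    $log = $db -> Execute("SELECT * FROM `kandydat` where (rank='Member' OR rank='Przybysz' OR rank='Gwardzista') AND wysw='T' ORDER BY `id` ASC");
}
else
{
    // 'MG' passes the access gate at the top of the file but has no query here,
    // which left $log undefined for the row loop below. Fail closed instead.
    // TODO confirm which applications MG is meant to see.
    error (NOT_ADMIN);
}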

/**
 * Copy the selected applications into one parallel array per column and hand
 * them, together with the interface labels, to the template.
 *
 * NOTE(review): text, powod and user are stored application data and are
 * passed on unchanged - confirm podanie.tpl escapes them on output.
 */
$arrtime = $arropis = $arrautor = $arrautorname = array();
$arrlokacja = $arrid = $arrpowod = array();
for ($i = 0; !$log -> EOF; $i++)
{
    $arrRow = $log -> fields;
    // Appending yields the same 0-based indexes as writing to position $i.
    $arrtime[] = $arrRow['date'];
    $arropis[] = $arrRow['text'];
    $arrautor[] = $arrRow['idkandydat'];
    $arrautorname[] = $arrRow['user'];
    $arrlokacja[] = $arrRow['rank'];
    $arrid[] = $arrRow['id'];
    $arrpowod[] = $arrRow['powod'];
    $log -> MoveNext();
}
$log -> Close();

$arrTemplateVars = array(
    "Notetime" => $arrtime,
    "Noteopis" => $arropis,
    "Noteautor" => $arrautor,
    "Noteautorname" => $arrautorname,
    "Notelokacja" => $arrlokacja,
    "Noteid" => $arrid,
    "Notepowod" => $arrpowod,
    "Notesinfo" => NOTES_INFO,
    "Ntime" => N_TIME,
    "Adelete" => A_DELETE,
    "Aadd" => A_ADD,
    "Aedit" => A_EDIT
);
$smarty -> assign($arrTemplateVars);
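/**
 * Reject an application (akcja=odrzuc).
 *
 * Without step=dalej only the application id is passed to the template. With
 * step=dalej and a POSTed `powod` the application is hidden (wysw='N'), the
 * reason is stored with the reviewer's name, and a log entry is written for
 * the applicant.
 *
 * NOTE(review): no anti-CSRF token is checked in this file before the writes;
 * confirm whether includes/head.php enforces one.
 */
if (isset ($_GET['akcja']) && $_GET['akcja'] == 'odrzuc')
{
    // preg_match() replaces ereg(): ereg() is not binary-safe (it stops reading
    // at a NUL byte) and no longer exists in PHP 7. \z anchors at the true end of
    // the string, so only a plain positive integer is concatenated into the SQL.
    if (!isset($_GET['nid']) || !is_string($_GET['nid']) || !preg_match('/^[1-9][0-9]*\z/', $_GET['nid']))
    {
        error (ERROR);
    }
    $strNid = $_GET['nid'];
    $smarty -> assign("getid", $strNid);
    $did = $db -> Execute("SELECT `id`, `idkandydat` FROM `kandydat` WHERE `id`=".$strNid);
    if (!$did -> fields['id'])
    {
        error (NO_TEXT);
    }
    $jegoid = $did -> fields['idkandydat'];
    $did -> Close();
    if (isset ($_GET['step']) && $_GET['step'] == 'dalej')
    {
        if (!isset($_POST['powod']) || !is_string($_POST['powod']))
        {
            error('Pusty powod!');
        }
        $strReason = $_POST['powod'];
        // Undo magic quotes first so the value is escaped once, by qstr() below.
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
        {
            $strReason = stripslashes($strReason);
        }
        // Tag and quote stripping is kept because the reason is shown inside HTML
        // later. It is not SQL escaping; qstr() handles that.
        $strReason = str_replace("'", "", strip_tags($strReason));
        $_POST['powod'] = $strReason;
        // The reviewer name goes through qstr() too: it is stored data, not a constant.
        $db -> Execute("UPDATE `kandydat` SET powod=".$db -> qstr($strReason." - ".$player -> user).", wysw='N' WHERE `id`=".$strNid);
        $strDate = $db -> DBDate($newdate);
        // NOTE(review): $player -> user is placed in this HTML fragment unescaped;
        // presumably names are restricted at registration - confirm.
        $strLog = '<a href=view.php?view='.$player -> id.'>'.$player -> user.'</a> '.$player -> id.' odrzucił twoje podanie z powodu: '.$strReason.' Zmień lub uzupełnij podane elementy i złóż podanie ponownie';
        // NOTE(review): die() prints the raw database error text to the client;
        // consider logging it server-side and showing a generic message.
        $db -> Execute("INSERT INTO log (owner, log, czas) VALUES(".$db -> qstr((string) $jegoid).", ".$db -> qstr($strLog).", ".$strDate.")") or die($db -> ErrorMsg());
        error ('Odrzuciles podanie z powodu: '.$strReason);
    }
}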


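/**
 * Accept an application (akcja=akceptuj).
 *
 * Marks the application as handled (powod = reviewer id, text = applicant id,
 * idkandydat = 0, wysw = 'N') and sets the applicant's rank to the rank stored
 * in the application. Only an Admin may accept applications for ranks other
 * than Przybysz and Member.
 *
 * NOTE(review): this state change is triggered by a plain GET request and no
 * anti-CSRF token is checked in this file; confirm whether includes/head.php
 * enforces one, and consider requiring POST.
 * NOTE(review): an application that was already accepted (idkandydat = 0) or
 * rejected (wysw = 'N') is not filtered out here - confirm whether handling it
 * a second time should be refused.
 */
if (isset ($_GET['akcja']) && $_GET['akcja'] == 'akceptuj')
{
    // is_numeric() also accepts floats, exponents and leading whitespace, so the
    // id is held to the same positive-integer pattern that the reject and revoke
    // actions validate against before it is concatenated into SQL.
    if (!isset($_GET['nid']) || !is_string($_GET['nid']) || !preg_match('/^[1-9][0-9]*\z/', $_GET['nid']))
    {
        error (ERROR);
    }
    $strNid = $_GET['nid'];
    $did = $db -> Execute("SELECT `idkandydat`, `id`, `rank` FROM `kandydat` WHERE `id`=".$strNid);
    if (!$did -> fields['id'])
    {
        error (NO_TEXT);
    }
    $strRank = $did -> fields['rank'];
    // Both ids are written unquoted, so they are forced to integers.
    $intCandidate = (int) $did -> fields['idkandydat'];
    $intReviewer = (int) $player -> id;
    // Closed before any error() call so the result set is released on every path.
    $did -> Close();
    if ($strRank != 'Przybysz' && $strRank != 'Member' && $player -> rank != 'Admin')
    {
        error('Zapomnij o tym!');
    }
    // NOTE(review): die() prints the raw database error text to the client.
    $db -> Execute("UPDATE `kandydat` SET `powod`=".$intReviewer.", `text`=".$intCandidate.", `idkandydat`=0, `wysw`='N' WHERE `id`=".$strNid) or die($db -> ErrorMsg());
    // The rank is read back from the application row, which presumably started
    // as user-submitted data, so it is quoted by qstr() rather than concatenated.
    $db -> Execute("UPDATE players SET rank=".$db -> qstr($strRank)." WHERE `id`=".$intCandidate);
    error ('Zaakceptowales podanie');
}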


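/**
 * Revoke a player's Member rank (akcja=cofnij); here `nid` is a player id.
 *
 * Without step=dalej only the id is passed to the template. With step=dalej
 * and a POSTed `powod`, a player whose rank is Member is set back to Przybysz
 * and a log entry with the reason is written for that player.
 *
 * NOTE(review): no anti-CSRF token is checked in this file before the writes;
 * confirm whether includes/head.php enforces one.
 */
if (isset ($_GET['akcja']) && $_GET['akcja'] == 'cofnij')
{
    // preg_match() replaces ereg(): ereg() is not binary-safe (it stops reading
    // at a NUL byte) and no longer exists in PHP 7. \z anchors at the true end of
    // the string, so only a plain positive integer is concatenated into the SQL.
    if (!isset($_GET['nid']) || !is_string($_GET['nid']) || !preg_match('/^[1-9][0-9]*\z/', $_GET['nid']))
    {
        error (ERROR);
    }
    $strNid = $_GET['nid'];
    $smarty -> assign("getid", $strNid);
    $did = $db -> Execute("SELECT id, rank FROM players WHERE id=".$strNid);
    if (!$did -> fields['id'])
    {
        error (NO_TEXT);
    }
    $strRank = $did -> fields['rank'];
    // Released here; the original Close() sat after error() and only inside the
    // step branch.
    $did -> Close();
    if (isset ($_GET['step']) && $_GET['step'] == 'dalej')
    {
        if (!isset($_POST['powod']) || !is_string($_POST['powod']))
        {
            error('Pusty powod!');
        }
        $strReason = $_POST['powod'];
        // Undo magic quotes first so the value is escaped once, by qstr() below.
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
        {
            $strReason = stripslashes($strReason);
        }
        // Tag and quote stripping is kept because the reason is shown inside HTML
        // later. It is not SQL escaping; qstr() handles that.
        $strReason = str_replace("'", "", strip_tags($strReason));
        $_POST['powod'] = $strReason;
        if ($strRank != 'Member')
        {
            error('Zapomnij o tym!');
        }
        // Checked again on purpose: the update stays guarded even if error()
        // were to return.
        if ($strRank == 'Member')
        {
            $db -> Execute("UPDATE players SET rank='Przybysz' WHERE id=".$strNid);
        }
        $strDate = $db -> DBDate($newdate);
        // NOTE(review): $player -> user is placed in this HTML fragment unescaped;
        // presumably names are restricted at registration - confirm.
        $strLog = '<a href=view.php?view='.$player -> id.'>'.$player -> user.'</a>'.$player -> id.' cofnął ci rangę z powodu: '.$strReason.'. Zmień lub uzupełnij podane elementy i złóż podanie ponownie.';
        // NOTE(review): die() prints the raw database error text to the client.
        $db -> Execute("INSERT INTO `log` (`owner`, `log`, `czas`) VALUES(".$strNid.", ".$db -> qstr($strLog).", ".$strDate.")") or die($db -> ErrorMsg());
        error ('Cofnales gracza!');
    }
}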

/**
 * Add post (disabled: the handler below is inside this comment block)
 *
if (isset ($_GET['akcja']) && $_GET['akcja'] == 'dodaj') 
{
    $smarty -> assign(array("Note" => NOTE,
                            "Asave" => A_SAVE,
                            "Nlink" => "dodaj&amp;step=send",
                            "Ntext" => ''));
    if (isset ($_GET['step']) && $_GET['step'] == 'send') 
    {
        if (empty ($_POST['body'])) 
        {
            error (EMPTY_FIELD);
        }
        require_once('includes/bbcode.php');
        $_POST['body'] = bbcodetohtml($_POST['body']);
        $strBody = $db -> qstr($_POST['body'], get_magic_quotes_gpc());
        $strDate = $db -> DBDate($newdate);
        $db -> Execute("INSERT INTO `opis` (`gracz`, `tekst`, `czas`) VALUES(".$player -> id.", ".$strBody.", ".$strDate.")");
        error (YOU_ADD);
    }
}
*/

/**
 * Edit post (disabled: the handler below is inside this comment block)
 *
if (isset($_GET['akcja']) && $_GET['akcja'] == 'edit')
{
    if (!ereg("^[1-9][0-9]*$", $_GET['nid'])) 
    {
        error(ERROR);
    }
    $objText = $db -> Execute("SELECT `id`, `gracz`, `tekst` FROM `opis` WHERE `id`=".$_GET['nid']);
    if (!$objText -> fields['id']) 
    {
        error(NO_TEXT);
    }
    if ($player -> id != $objText -> fields['gracz']) 
    {
        error(NOT_YOUR);
    }
    require_once('includes/bbcode.php');
    $strNbody = htmltobbcode($objText -> fields['tekst']);
    $smarty -> assign(array("Note" => NOTE,
                            "Asave" => A_SAVE,
                            "Ntext" => $strNbody,
                            "Nlink" => "edit&amp;nid=".$_GET['nid']."&amp;step=edit"));
    $objText -> Close();
    if (isset($_GET['step']) && $_GET['step'] == 'edit') 
    {
        if (empty ($_POST['body'])) 
        {
            error(EMPTY_FIELD);
        }
        require_once('includes/bbcode.php');
        $_POST['body'] = bbcodetohtml($_POST['body']);
        $strBody = $db -> qstr($_POST['body'], get_magic_quotes_gpc());
        $strDate = $db -> DBDate($newdate);
        $db -> Execute("UPDATE `opis` SET `tekst`=".$strBody.", `czas`=".$strDate." WHERE `id`=".$_GET['nid']);
        error(YOU_EDIT);
    }
}
*/
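/**
 * Initialization of variable
 *
 * Gives the query parameters read below (and possibly by the template) an
 * empty-string default so they can be accessed without isset() checks.
 */
foreach (array('akcja', 'step', 'wszystkie') as $strParam)
{
    if (!isset($_GET[$strParam]))
    {
        $_GET[$strParam] = '';
    }
}

/**
 * Assign variable to template and display page
 *
 * NOTE(review): Action is the raw `akcja` query value; confirm podanie.tpl
 * escapes it (or only compares it) wherever it is used.
 */
$smarty -> assign("Action", $_GET['akcja']);
$smarty -> display ('podanie.tpl');

// empty() avoids an undefined-index notice when `ajax` is not in the query.
if (empty($_GET['ajax']))
{
    require_once("includes/foot.php");
}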
?>

